ASUS s10e XP Home connect to Cisco Wireless LAN Controller 4402 problem

I have a WLC 4402 Wireless LAN Controller with multiple 1131 AP on LWAPP. WLAN has security setting on WPA+WPA2 with PSK share key. All computers in domain are fine, wireless connections are steady. I have a group of students use Netbook on Windows XP Home SP3 got connection and drop situation. Syetem event log on XP has continuous 4201 and 4202 cases, and on WLC it also has continuous log as
*Apr 19 10:35:44.046: %DOT1X-3-MAX_EAPOL_KEY_RETRANS: 1x_ptsm.c:407 Max EAPOL-key M1 retransmissions exceeded for client 00:26:5e:eb:fd:0a
Base on Cisco error message bank, the explanation as following:
Error Message    %DOT1X-3-MAX_EAPOL_KEY_RETRANS: Max EAPOL-key M[int] retransmissions exceeded for client [hex]:[hex]:[hex]:[hex]:[hex]:[hex]
Explanation    Client authentication failed because the client did not respond to an EAPOL-key message.
Recommended Action    Ensure that user credentials are correct on the client and on the AAA server.
I understand XP Home has no certificate from Domain environment therefore I didn't setup any AAA server service. How can this problem be resolved? Keep trying on security combination, but no luck. Please Help. Thanks.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

So the 4402 is simply authenticating via a PSK no AAA at all?
It seems that the client is requesting to authenticate using 802.1x (radius / AAA)

Is this client connecting to a different SSID, and in so/if not, are they other working computers connecting to the same SSID and same WLAN config?

Have you seen this? 

Could you create a new SSID with no authentication, and just associate one of these XP home machines? I have used the 4402 and I think its a crok, but never the less, I think it could be related to the interpretation of security models between the WLC and the XP 'Home' clients. At lease this will tick off alot of potential problems, allowing us to really see what is causing the problem
UCOMAuthor Commented:
Hi, Naykam
Thanks for the reply. Yes, I saw this MS knowledge base, and those Home machines are SP3. I also connect to certsrv web certificate authority to inject in a domain certificate per the recommendation from Cisco, but no help. I am wondering if anyone has experience using XP Home on Cisco WLC successfully, and how's the configuration?  Thanks again.
are you using 802.1x at all?
Virus Depot: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. View our webinar recording to learn how to best defend against these attacks!

UCOMAuthor Commented:
No, we didn't use 802.1x. Simply WPA + WPA2 with PSK. Thanks,
Can you remove all security auth, and see if the clients connect / create a new network, as mentioned in a earlier post.

UCOMAuthor Commented:
As I said originally, there is no security auth setting in WLC. The client did connect and drop in seconds, event log has 4201 and 4202 that hints the drop behaves normally. When it was connected, nowhere I can ping except the virtual port.
What i am referring to, is the WPA PSK. So as mentioned, is it possible to create another network? To eliminate some problems?
UCOMAuthor Commented:
I did change WLAN on WLC to be WEP 128 bit encryption without WPA authentication, but the result is the same.
Can you strip all authentication and try it?

Its not a matter of what level, its trying to determine if the WLC is processing the authentication requests properly
UCOMAuthor Commented:
It turns out a working configuration by dummy the 1st WLAN profile. I believe this is a bug in WLC device, the 1st WLAN profile requests authtication automatically by an OS certificate even AAA is not enabled. Add one more profile at the same configuration with different SSID, XP Home can access wireless network flawlessly. Of course, those domain computers can work as before.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.